[PATCH v3 0/7] Appended signatures support for IMA appraisal

yring_from_id function. - Put modsig to measurement list if the template requires the signature contents. (suggested by Mimi). Thiago Jung Bauermann (7): integrity: Introduce struct evm_hmac_xattr MODSIGN: Export module signature definitions. PKCS#7: Introduce verify_pkcs7_message_sig

[PATCH v3 5/7] integrity: Select CONFIG_KEYS instead of depending on it

This avoids a dependency cycle in CONFIG_IMA_APPRAISE_MODSIG (introduced by a later patch in this series): it will select CONFIG_MODULE_SIG_FORMAT which in turn selects CONFIG_KEYS. Kconfig then complains that CONFIG_INTEGRITY_SIGNATURE depends on CONFIG_KEYS. Signed-off-by: Thiago Jung Bauermann

[PATCH v3 7/7] ima: Support module-style appended signatures for appraisal

. Signed-off-by: Thiago Jung Bauermann --- security/integrity/ima/Kconfig| 13 +++ security/integrity/ima/Makefile | 1 + security/integrity/ima/ima.h | 60 ++-- security/integrity/ima/ima_appraise.c | 102 ++--- security/integrity/ima

[PATCH v3 1/7] integrity: Introduce struct evm_hmac_xattr

ata, since in most places the array doesn't hold a digest. A separate struct evm_hmac_xattr is introduced, with the original definition of evm_ima_xattr_data to be used in the places that actually expect that definition. Signed-off-by: Thiago Jung Bauermann --- security/integrity/evm/evm.h

[PATCH v3 3/7] PKCS#7: Introduce verify_pkcs7_message_sig

Add function verify_pkcs7_message_signature which takes a struct pkcs7_message for verification isntead of the raw bytes that verify_pkcs7_signature takes. This will be used by IMA to verify files with module-style appended signatures. Signed-off-by: Thiago Jung Bauermann --- certs

[PATCH v3 6/7] ima: Store measurement after appraisal

, and by then the measure step was already completed and would need to be done again in case the template includes the signature. To avoid this problem, do the appraisal first so that the correct signature is stored by the template in the measure step. Signed-off-by: Thiago Jung Bauermann --- security

[PATCH v3 2/7] MODSIGN: Export module signature definitions.

validate_module_signature without having to depend on CONFIG_MODULE_SIG. Signed-off-by: Thiago Jung Bauermann --- include/linux/module.h | 3 -- include/linux/module_signature.h | 47 + init/Kconfig | 6 +++- kernel/Makefile | 2 +- kernel

[PATCH v3 4/7] integrity: Introduce integrity_keyring_from_id

IMA will need to obtain the keyring used to verify file signatures so that it can verify the module-style signature appended to files. Signed-off-by: Thiago Jung Bauermann --- security/integrity/digsig.c| 28 +++- security/integrity/integrity.h | 1 + 2 files

Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown

.c:100:40: error: ‘LOCKDOWN_LIFT_KEY’ undeclared (first use in this function) lockdown_lift_sysrq_op.help_msg[5] = LOCKDOWN_LIFT_KEY; ^ security/lock_down.c:100:40: note: each undeclared identifier is reported only once for each function it appears in -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [PATCH 1/2] ima: Free IMA measurement buffer on error

g the leak in this case. Fortunately, the current implementations of arch_ima_add_kexec_buffer() are very simple and cannot fail, so this is a theoretical problem. -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [PATCH 2/2] ima: Free IMA measurement buffer after kexec syscall

> Signed-off-by: Lakshmi Ramasubramanian > Suggested-by: Tyler Hicks > Fixes: 7b8589cc29e7 ("ima: on soft reboot, save the measurement list") Good catch. Reviewed-by: Thiago Jung Bauermann -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [PATCH v2 2/2] memblock: do not start bottom-up allocations with kernel_end

8fabc623238e ("powerpc: Ensure that swiotlb buffer is allocated from low memory") This is because reverting the commit above also solves the problem on the machines where I've seen this issue. -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [PATCH v14 2/6] powerpc: Move arch independent ima kexec functions to drivers/of/kexec.c

| 202 > drivers/of/kexec.c | 240 + > include/linux/of.h | 2 + > security/integrity/ima/ima.h | 4 - > security/integrity/ima/ima_kexec.c | 1 + > 9 files changed, 244 insertions(+), 248 dele

Re: [PATCH v14 4/6] powerpc: Delete unused functions

> arch/powerpc/include/asm/kexec.h | 4 --- > arch/powerpc/kexec/file_load.c| 60 --- > arch/powerpc/kexec/file_load_64.c | 4 ++- > 3 files changed, 3 insertions(+), 65 deletions(-) Reviewed-by: Thiago Jung Bauermann -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [PATCH v14 6/6] arm64: Add IMA log information in kimage used for kexec

ch/arm64/Kconfig | 1 + > arch/arm64/include/asm/kexec.h | 5 + > 2 files changed, 6 insertions(+) Reviewed-by: Thiago Jung Bauermann -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [PATCH v4 1/5] powerpc: Refactor kexec functions to move arch independent code to IMA

arch/powerpc/kexec/ima.c. If you prefer to keep the current order, it's worth mentioning on the commit log where get_addr_size_cells() and do_get_kexec_buffer() are coming from. Regardless: Reviewed-by: Thiago Jung Bauermann -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [PATCH v4 2/5] powerpc: Use libfdt functions to fetch IMA buffer properties

; + if (ret < 0) > + return ret; > + addr_cells = ret; > + > + ret = fdt_size_cells(fdt, chosen_node); > + if (ret < 0) > return ret; > + size_cells = ret; > > entry_size = 4 * (addr_cells + size_cells); Ditto here. -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [PATCH v4 3/5] IMA: Refactor do_get_kexec_buffer() to call of_ functions directly

d-off-by: Lakshmi Ramasubramanian Reviewed-by: Thiago Jung Bauermann -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [PATCH v4 1/5] powerpc: Refactor kexec functions to move arch independent code to IMA

op->length, , ); > + if (ret) > + return ret; > + > + ret = of_remove_property(of_chosen, prop); > + if (ret) > + return ret; > + > + return memblock_free(addr, size); > + > +} > + > #ifdef CONFIG_IMA_KEXEC > static int ima_dump_me

Re: [PATCH v6 1/3] powerpc: Refactor kexec functions to move arch independent code to IMA

> + * > + * Return: 0 on success, or negative errno on error. > + */ > +int delete_fdt_mem_rsv(void *fdt, unsigned long start, unsigned long size) This function can't go in an IMA-specific directory, because it's used in arch/powerpc/kexec/file_load.c even if IMA isn't enabled. I'm not sure where would be a good place for it. Perhaps a new file called kernel/kexec_file_fdt.c? > +{ > + int i, ret, num_rsvs = fdt_num_mem_rsv(fdt); > + > + for (i = 0; i < num_rsvs; i++) { > + uint64_t rsv_start, rsv_size; > + > + ret = fdt_get_mem_rsv(fdt, i, _start, _size); > + if (ret) { > + pr_err("Malformed device tree.\n"); > + return -EINVAL; > + } > + > + if (rsv_start == start && rsv_size == size) { > + ret = fdt_del_mem_rsv(fdt, i); > + if (ret) { > + pr_err("Error deleting device tree > reservation.\n"); > + return -EINVAL; > + } > + > + pr_err("Freed the reserved memory at %lu of size %lu\n", > + start, size); This isn't an error. You should change it to a pr_debug() or remove it. > + return 0; > + } > + } > + > + return -ENOENT; > +} -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [PATCH v6 3/3] arm64: Add IMA kexec buffer to DTB

ion is present in the device tree > for ARM64. > > Co-developed-by: Prakhar Srivastava > Signed-off-by: Prakhar Srivastava > Signed-off-by: Lakshmi Ramasubramanian Reviewed-by: Thiago Jung Bauermann -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [PATCH v10 2/8] powerpc: Move delete_fdt_mem_rsv() to drivers/of/kexec.c

Hi Lakshmi, Lakshmi Ramasubramanian writes: > On 12/6/20 5:50 PM, Lakshmi Ramasubramanian wrote: > > Hi Thiago, > >> On 12/4/20 6:22 PM, Thiago Jung Bauermann wrote >>> >>> Hello Lakshmi, >>> >>> Lakshmi Ramasubramanian writes: >>

Re: [PATCH v10 2/8] powerpc: Move delete_fdt_mem_rsv() to drivers/of/kexec.c

Lakshmi Ramasubramanian writes: > On 12/11/20 10:19 AM, Thiago Jung Bauermann wrote: >> Hi Lakshmi, >> Lakshmi Ramasubramanian writes: >> >>> On 12/6/20 5:50 PM, Lakshmi Ramasubramanian wrote: >>> >>> Hi Thiago, >>> >>>&

Re: [RFC PATCH 2/4] of: Add a common kexec FDT setup function

c when CONFIG_KEXEC_FILE is enabled is fine. But when > more functions (such as remove_ima_buffer()) are moved to this file, Makefile > needs to be updated for other ima kexec related CONFIGs. IMA kexec is only available if CONFIG_KEXEC_FILE is enabled, so I don't understand what problem you are seeing. -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [RFC PATCH 1/4] powerpc: Rename kexec elfcorehdr_addr to elf_headers_mem

ec/file_load_64.c | 4 ++-- > 3 files changed, 5 insertions(+), 5 deletions(-) Reviewed-by: Thiago Jung Bauermann -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [RFC PATCH 2/4] of: Add a common kexec FDT setup function

> arm64 version also retries with a bigger allocation. That seems > unnecessary. > --- > drivers/of/Makefile | 1 + > drivers/of/kexec.c | 228 > include/linux/of.h | 5 + > 3 files changed, 234 insertions(+) > create mode 100644 drivers/of/kexec.c Reviewed-by: Thiago Jung Bauermann -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [RFC PATCH 3/4] arm64: Use common of_kexec_setup_new_fdt()

Rob Herring writes: > Signed-off-by: Rob Herring > --- > arch/arm64/kernel/machine_kexec_file.c | 123 + > 1 file changed, 3 insertions(+), 120 deletions(-) Reviewed-by: Thiago Jung Bauermann -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [RFC PATCH 4/4] powerpc: Use common of_kexec_setup_new_fdt()

Rob Herring writes: > Signed-off-by: Rob Herring > --- > > After the IMA changes, delete_fdt_mem_rsv() can also be removed. > > arch/powerpc/kexec/file_load.c | 125 ++--- > 1 file changed, 6 insertions(+), 119 deletions(-) Reviewed-by:

Re: [PATCH v13 1/6] ima: Move arch_ima_add_kexec_buffer() to ima

--- > arch/powerpc/kexec/ima.c | 17 - > security/integrity/ima/ima_kexec.c | 22 ++ > 3 files changed, 22 insertions(+), 20 deletions(-) Reviewed-by: Thiago Jung Bauermann Just one nit below. Also, I just noticed that this patch series hasn't been cc'd to t

Re: [PATCH v13 2/6] powerpc: Move arch independent ima kexec functions to drivers/of/kexec.c

100644 > --- a/security/integrity/ima/ima_kexec.c > +++ b/security/integrity/ima/ima_kexec.c > @@ -10,6 +10,7 @@ > #include > #include > #include > +#include > #include > #include "ima.h" This include isn't necessary. -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [PATCH v13 2/6] powerpc: Move arch independent ima kexec functions to drivers/of/kexec.c

owerpc/kexec/ima.c" to > "drivers/of/kexec.c" only when CONFIG_HAVE_IMA_KEXEC is enabled. > > => Also, compile write_number() and setup_ima_buffer() only when > CONFIG_IMA_KEXEC is enabled. Sounds good, with one additional change: So far, CONFIG_HAVE_IMA_KEXEC was

Re: [PATCH v13 2/6] powerpc: Move arch independent ima kexec functions to drivers/of/kexec.c

err: With this change, setup_new_fdt() is nothing more than a call to of_kexec_setup_new_fdt(). It should be removed, and its caller should call of_kexec_setup_new_fdt() directly. This change could be done in patch 4 of this series, to keep this patch simpler. -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [PATCH v13 3/6] kexec: Use fdt_appendprop_addrrange() to add ima buffer to FDT

r Srivastava > Signed-off-by: Prakhar Srivastava > Signed-off-by: Lakshmi Ramasubramanian > --- > drivers/of/kexec.c | 57 -- > 1 file changed, 5 insertions(+), 52 deletions(-) This is a nice improvement, thanks. Reviewed-by: Thiago Jung Bauermann -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [PATCH v13 4/6] powerpc: Delete unused function delete_fdt_mem_rsv()

etions(-) As I mentioned in the other email, this patch could remove setup_new_fdt() as well. I'm a bit ambivalent on whether this patch should be squashed with patch 2 or left on its own, but I tend toward the latter option because patch 2 is big enough already. -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [PATCH v13 5/6] arm64: Free DTB buffer if fdt_open_into() fails

ons(+), 1 deletion(-) Reviewed-by: Thiago Jung Bauermann -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [PATCH v13 6/6] arm64: Add IMA log information in kimage used for kexec

ig > @@ -1094,6 +1094,7 @@ config KEXEC > config KEXEC_FILE > bool "kexec file based system call" > select KEXEC_CORE > + select HAVE_IMA_KEXEC > help > This is new version of kexec system call. This system call is > file based and takes

Re: [PATCH v13 2/6] powerpc: Move arch independent ima kexec functions to drivers/of/kexec.c

Lakshmi Ramasubramanian writes: > On 12/22/20 4:19 PM, Thiago Jung Bauermann wrote: >> Lakshmi Ramasubramanian writes: >> >>> diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h >>> index 6ebefec616e4..7c3947ad3773 100644 >>> --

Re: [PATCH] powerpc/mm: Limit allocation of SWIOTLB on server machines

Hi Ram, Thanks for reviewing this patch. Ram Pai writes: > On Fri, Dec 18, 2020 at 03:21:03AM -0300, Thiago Jung Bauermann wrote: >> On server-class POWER machines, we don't need the SWIOTLB unless we're a >> secure VM. Nevertheless, if CONFIG_SWIOTLB is enabled we

[PATCH] powerpc/mm: Limit allocation of SWIOTLB on server machines

WIOTLB in those cases. Fixes: eae9eec476d1 ("powerpc/pseries/svm: Allocate SWIOTLB buffer anywhere in memory") Signed-off-by: Thiago Jung Bauermann --- arch/powerpc/mm/mem.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/powerpc/mm/mem.c b/arch/powerp

Re: [PATCH v7 1/4] powerpc: Refactor kexec functions to move arch independent code to kernel

> This one is already present in ima and there's no change in that in my > patches. > > 2, The other one is remove_ima_kexec_buffer() called from setup_ima_buffer() > defined in "arch/powerpc/kexec/ima.c" > > This function removes the "ima buffer" node f

Re: [PATCH v10 1/8] powerpc: fix compiler warnings and errors

e_ima_buffer() and arch_ima_add_kexec_buffer(). > > Co-developed-by: Prakhar Srivastava > Signed-off-by: Prakhar Srivastava > Signed-off-by: Lakshmi Ramasubramanian > Reviewed-by: Mimi Zohar These warnings showed up when using `make W=1`, and this patch fixes them. Thanks! Revi

Re: [PATCH v10 2/8] powerpc: Move delete_fdt_mem_rsv() to drivers/of/kexec.c

.h > index 9e93bef52968..d0234c4815da 100644 > --- a/include/linux/kexec.h > +++ b/include/linux/kexec.h > @@ -407,6 +407,11 @@ static inline int kexec_crash_loaded(void) { return 0; } > #define kexec_in_progress false > #endif /* CONFIG_KEXEC_CORE */ > > +#if defined(CONFIG_OF_FLATTREE) This would also change to require CONFIG_KEXEC_FILE. > +extern int delete_fdt_mem_rsv(void *fdt, unsigned long start, > + unsigned long size); > +#endif /* CONFIG_OF_FLATTREE */ > + > #endif /* !defined(__ASSEBMLY__) */ > > #endif /* LINUX_KEXEC_H */ -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [PATCH v10 3/8] powerpc: Move ima buffer functions to drivers/of/kexec.c

gt; Co-developed-by: Prakhar Srivastava > Signed-off-by: Prakhar Srivastava > Signed-off-by: Lakshmi Ramasubramanian I'd personally squash this patch with the next one, but I'll leave it just as a suggestion since maintainers are the ones who know best what works well in this regard. The co

Re: [PATCH v10 4/8] powerpc: Use ima kexec node functions

tava > Signed-off-by: Prakhar Srivastava > Signed-off-by: Lakshmi Ramasubramanian Looks good. Thanks! Reviewed-by: Thiago Jung Bauermann > --- > arch/powerpc/kexec/ima.c | 58 +--- > 1 file changed, 7 insertions(+), 51 deletions(-) > &

Re: [PATCH v10 5/8] powerpc: Move remove_ima_buffer() to drivers/of/kexec.c

-by: Lakshmi Ramasubramanian Looks good. Just minor comments below. Nevertheless: Reviewed-by: Thiago Jung Bauermann > --- > arch/powerpc/include/asm/ima.h | 8 ++-- > arch/powerpc/kexec/ima.c | 26 -- > drivers/of/kexec.c | 29 +++

Re: [PATCH v10 6/8] powerpc: Move ima_get_kexec_buffer() and ima_free_kexec_buffer() to ima

NFIG_IMA_KEXEC is enabled and remove "#ifdef CONFIG_IMA_KEXEC" > in arch/powerpc/kexec/ima.c. Nice. > Co-developed-by: Prakhar Srivastava > Signed-off-by: Prakhar Srivastava > Signed-off-by: Lakshmi Ramasubramanian > Reviewed-by: Mimi Zohar Reviewed-by: Thiago Jung Bauermann

Re: [PATCH v10 7/8] powerpc: Move arch_ima_add_kexec_buffer to ima

pc. > > Move arch_ima_add_kexec_buffer() to > security/integrity/ima/ima_kexec.c so that it is accessible for > other architectures as well. > > Signed-off-by: Lakshmi Ramasubramanian Not sure if the maintainers will agree with me (see below), but FWIW: Reviewed-by: Thiago Jung Bauermann >

Re: [PATCH v10 8/8] arm64: Add IMA log information in kimage used for kexec

Update CONFIG_KEXEC_FILE to select CONFIG_HAVE_IMA_KEXEC to indicate > that the IMA measurement log information is present in the device tree > for ARM64. > > Co-developed-by: Prakhar Srivastava > Signed-off-by: Prakhar Srivastava > Signed-off-by: Lakshmi Ramasubramanian Revie

Re: [PATCH] iommu: Don't use sme_active() in generic code

; sme_active() is x86 specific and can't be called from > generic code on other platforms than x86. > > Fixes: 2cc13bb4f59f ("iommu: Disable passthrough mode when SME is active") > Signed-off-by: Joerg Roedel Thank you! -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [PATCH v4 02/16] powerpc/pseries: Introduce option to build secure virtual machines

Michael Ellerman writes: > On Tue, 2019-08-20 at 02:13:12 UTC, Thiago Jung Bauermann wrote: >> Introduce CONFIG_PPC_SVM to control support for secure guests and include >> Ultravisor-related helpers when it is selected >> >> Signed-off-by: Thiago Jung Bauermann

[PATCH v4 05/16] powerpc/pseries/svm: Add helpers for UV_SHARE_PAGE and UV_UNSHARE_PAGE

From: Ram Pai These functions are used when the guest wants to grant the hypervisor access to certain pages. Signed-off-by: Ram Pai Signed-off-by: Thiago Jung Bauermann --- arch/powerpc/include/asm/ultravisor-api.h | 2 ++ arch/powerpc/include/asm/ultravisor.h | 24

[PATCH v4 03/16] powerpc: Add support for adding an ESM blob to the zImage wrapper

e comments. ] Signed-off-by: Thiago Jung Bauermann --- arch/powerpc/boot/main.c | 41 ++ arch/powerpc/boot/ops.h| 2 ++ arch/powerpc/boot/wrapper | 24 +--- arch/powerpc/boot/zImage.lds.S | 8 +++ 4 files changed, 72 insert

[PATCH v4 07/16] powerpc/pseries: Add and use LPPACA_SIZE constant

Helps document what the hard-coded number means. Also take the opportunity to fix an #endif comment. Suggested-by: Alexey Kardashevskiy Signed-off-by: Thiago Jung Bauermann --- arch/powerpc/kernel/paca.c | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/arch

[PATCH v4 10/16] powerpc/pseries/svm: Unshare all pages before kexecing a new kernel

, unsharing of pages is skipped. NOTE: While testing crashkernel, make sure at least 256M is reserved for crashkernel. Otherwise SWIOTLB allocation will fail and crash kernel will fail to boot. Signed-off-by: Ram Pai Signed-off-by: Thiago Jung Bauermann --- arch/powerpc/include/asm/ultravisor

[PATCH v4 06/16] powerpc: Introduce the MSR_S bit

| +---+---+---+---+ | 0 | 1 | 1 | Problem (HV) | +---+---+---+---+ Signed-off-by: Sukadev Bhattiprolu Signed-off-by: Ram Pai [ cclaudio: Update the commit message ] Signed-off-by: Claudio Carvalho Signed-off-by: Thiago Jung Bauermann --- arch/powerpc/include/asm/reg.h

[PATCH v4 04/16] powerpc/prom_init: Add the ESM call to prom_init

switching to secure mode. Signed-off-by: Ram Pai [ andmike: Generate an RTAS os-term hcall when the ESM ucall fails. ] Signed-off-by: Michael Anderson [ bauerman: Cleaned up the code a bit. ] Signed-off-by: Thiago Jung Bauermann --- .../admin-guide/kernel-parameters.txt | 5 + arch/power

[PATCH v4 01/16] powerpc/kernel: Add ucall_norets() ultravisor call handler

. For that reason, the ucall.S file is placed under arch/powerpc/kernel. If ultravisor is not enabled, the ucalls will be redirected to the hypervisor which must handle/fail the call. Thanks to inputs from Ram Pai and Michael Anderson. Signed-off-by: Claudio Carvalho Signed-off-by: Thiago Jung

[PATCH v4 08/16] powerpc/pseries/svm: Use shared memory for LPPACA structures

here. Introduce helper is_svm_platform() which uses the S bit of the MSR to tell whether we're running as a secure guest. Signed-off-by: Anshuman Khandual Signed-off-by: Thiago Jung Bauermann --- arch/powerpc/include/asm/svm.h | 26 arch/powerpc/kernel/paca.c | 43

[PATCH v4 00/16] Secure Virtual Machine Enablement

ng a new kernel Ryan Grimm (2): powerpc/pseries/svm: Export guest SVM status to user space via sysfs powerpc/configs: Enable secure guest support in pseries and ppc64 defconfigs Sukadev Bhattiprolu (3): powerpc: Introduce the MSR_S bit powerpc/pseries/svm: Disable doorbells in SVM gue

[PATCH v4 02/16] powerpc/pseries: Introduce option to build secure virtual machines

Introduce CONFIG_PPC_SVM to control support for secure guests and include Ultravisor-related helpers when it is selected Signed-off-by: Thiago Jung Bauermann --- arch/powerpc/include/asm/asm-prototypes.h | 2 +- arch/powerpc/kernel/Makefile | 4 +++- arch/powerpc/platforms

[RFC PATCH v4 11/16] powerpc/pseries/svm: Export guest SVM status to user space via sysfs

-by: Ryan Grimm Signed-off-by: Thiago Jung Bauermann --- .../ABI/testing/sysfs-devices-system-cpu | 10 ++ arch/powerpc/kernel/sysfs.c | 20 +++ 2 files changed, 30 insertions(+) diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu b

[PATCH v4 12/16] powerpc/pseries/svm: Disable doorbells in SVM guests

Pai and Michael Anderson. Signed-off-by: Sukadev Bhattiprolu Signed-off-by: Thiago Jung Bauermann --- arch/powerpc/platforms/pseries/smp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/powerpc/platforms/pseries/smp.c b/arch/powerpc/platforms/pseries/smp.c index

[PATCH v4 14/16] powerpc/pseries/svm: Force SWIOTLB for secure guests

into the ARCH_HAS_MEM_ENCRYPT hooks and call swiotlb_update_mem_attributes() to convert SWIOTLB's memory pool to shared memory. Signed-off-by: Anshuman Khandual [ bauerman: Use ARCH_HAS_MEM_ENCRYPT hooks to share swiotlb memory pool. ] Signed-off-by: Thiago Jung Bauermann --- arch/powerpc/include/asm/mem_encrypt.h | 26

[PATCH v4 09/16] powerpc/pseries/svm: Use shared memory for Debug Trace Log (DTL)

From: Anshuman Khandual Secure guests need to share the DTL buffers with the hypervisor. To that end, use a kmem_cache constructor which converts the underlying buddy allocated SLUB cache pages into shared memory. Signed-off-by: Anshuman Khandual Signed-off-by: Thiago Jung Bauermann --- arch

[PATCH v4 13/16] powerpc/pseries/iommu: Don't use dma_iommu_ops on secure guests

Secure guest memory is inacessible to devices so regular DMA isn't possible. In that case set devices' dma_map_ops to NULL so that the generic DMA code path will use SWIOTLB to bounce buffers for DMA. Signed-off-by: Thiago Jung Bauermann --- arch/powerpc/platforms/pseries/iommu.c | 11

[PATCH v4 16/16] powerpc/configs: Enable secure guest support in pseries and ppc64 defconfigs

From: Ryan Grimm Enables running as a secure guest in platforms with an Ultravisor. Signed-off-by: Ryan Grimm Signed-off-by: Ram Pai Signed-off-by: Thiago Jung Bauermann --- arch/powerpc/configs/ppc64_defconfig | 1 + arch/powerpc/configs/pseries_defconfig | 1 + 2 files changed, 2

[PATCH v4 15/16] Documentation/powerpc: Ultravisor API

-by: Claudio Carvalho Signed-off-by: Thiago Jung Bauermann --- Documentation/powerpc/ultravisor.rst | 1055 ++ 1 file changed, 1055 insertions(+) diff --git a/Documentation/powerpc/ultravisor.rst b/Documentation/powerpc/ultravisor.rst new file mode 100644 index

Re: [PATCH v3 13/16] powerpc/pseries/iommu: Don't use dma_iommu_ops on secure guests

Hello Christoph, Thanks for your review. Christoph Hellwig writes: > On Tue, Aug 06, 2019 at 02:22:34AM -0300, Thiago Jung Bauermann wrote: >> @@ -1318,7 +1319,10 @@ void iommu_init_early_pSeries(void) >> of_reconfig_notifier_register(_reconfig_nb); >> reg

Re: [PATCH v3 11/16] powerpc/pseries/svm: Export guest SVM status to user space via sysfs

Michael Ellerman writes: > Thiago Jung Bauermann writes: >> Michael Ellerman writes: >>> Thiago Jung Bauermann writes: >>>> From: Ryan Grimm >>>> User space might want to know it's running in a secure VM. It can't do >>>

Re: [PATCH v3 08/16] powerpc/pseries/svm: Use shared memory for LPPACA structures

Michael Ellerman writes: > Thiago Jung Bauermann writes: >> Michael Ellerman writes: >>> Thiago Jung Bauermann writes: >>>> From: Anshuman Khandual >>>> >>>> LPPACA structures need to be shared with the host. Hence they need to be i

Re: [PATCH 00/12] Secure Virtual Machine Enablement

Hello, Thiago Jung Bauermann writes: > This series enables Secure Virtual Machines (SVMs) on powerpc. SVMs use the > Protected Execution Facility (PEF) and request to be migrated to secure > memory during prom_init() so by default all of their memory is inaccessible > to th

Re: [PATCH v5 1/3] powerpc: Refactor kexec functions to move arch independent code to IMA

() is still duplicated in generic code and powerpc code. It's a small and simple function though, so not really a problem. I think you'll need to move over remove_ima_buffer() if you agree with the comment I'll make on patch 3, in which case the powerpc-specific do_get_kexec_buffer() can be r

Re: [PATCH v5 2/3] arm64: Store IMA log information in kimage used for kexec

ava > Signed-off-by: Prakhar Srivastava > Signed-off-by: Lakshmi Ramasubramanian > Reported-by: kernel test robot warning: no previous > prototype for 'arch_ima_add_kexec_buffer' [-Wmissing-prototypes] Reviewed-by: Thiago Jung Bauermann -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [PATCH v5 3/3] arm64: Add IMA kexec buffer to DTB

remove any existing FDT_PROP_IMA_KEXEC_BUFFER property and also its corresponding memory reservation, so that you avoid accumulating stale memory reservations for non-existing IMA kexec buffers from previous kexecs. -- Thiago Jung Bauermann IBM Linux Technology Center

[PATCH v3] powerpc/pseries/svm: Allocate SWIOTLB buffer anywhere in memory

of memblock_alloc_low(). Signed-off-by: Thiago Jung Bauermann --- arch/powerpc/include/asm/svm.h | 4 arch/powerpc/mm/mem.c| 6 +- arch/powerpc/platforms/pseries/svm.c | 26 ++ 3 files changed, 35 insertions(+), 1 deletion(-) Changes from v2

Re: [PATCH v3] powerpc/pseries/svm: Allocate SWIOTLB buffer anywhere in memory

Christoph Hellwig writes: > On Tue, Aug 18, 2020 at 07:11:26PM -0300, Thiago Jung Bauermann wrote: >> POWER secure guests (i.e., guests which use the Protection Execution >> Facility) need to use SWIOTLB to be able to do I/O with the hypervisor, but >> they don't ne

Re: [PATCH v3] powerpc/pseries/svm: Allocate SWIOTLB buffer anywhere in memory

Konrad Rzeszutek Wilk writes: > On Tue, Aug 18, 2020 at 07:11:26PM -0300, Thiago Jung Bauermann wrote: >> POWER secure guests (i.e., guests which use the Protection Execution >> Facility) need to use SWIOTLB to be able to do I/O with the hypervisor, but >> they don't ne

[PATCH v2] powerpc/pseries/svm: Allocate SWIOTLB buffer anywhere in memory

of memblock_alloc_low(). We also need to add swiotlb_set_no_iotlb_memory() in order to set the no_iotlb_memory flag if initialization fails. Signed-off-by: Thiago Jung Bauermann --- arch/powerpc/include/asm/svm.h | 4 arch/powerpc/mm/mem.c| 6 +- arch/powerpc/platforms

Re: [PATCH] swiotlb: Allow allocating buffer anywhere in memory

Hello Christoph, Christoph Hellwig writes: > On Sat, Aug 15, 2020 at 05:45:36PM -0300, Thiago Jung Bauermann wrote: >> POWER secure guests (i.e., guests which use the Protection Execution >> Facility) need to use SWIOTLB to be able to do I/O with the hypervisor, but >

Re: [PATCH v2] powerpc/pseries/svm: Allocate SWIOTLB buffer anywhere in memory

Christoph Hellwig writes: > On Mon, Aug 17, 2020 at 06:46:58PM -0300, Thiago Jung Bauermann wrote: >> POWER secure guests (i.e., guests which use the Protection Execution >> Facility) need to use SWIOTLB to be able to do I/O with the hypervisor, but >> they don't ne

Re: [PATCH v4 4/5] arm64: Store IMA log information in kimage used for kexec

ava > Signed-off-by: Prakhar Srivastava > Signed-off-by: Lakshmi Ramasubramanian Reviewed-by: Thiago Jung Bauermann IMHO this patch and the next one can be squashed together. Also, a minor comment below. > --- > arch/arm64/include/asm/ima.h | 17 + >

Re: [PATCH v4 5/5] arm64: Add IMA kexec buffer to DTB

rwise nothing stops the new kernel from stomping over it. E.g., powerpc does: ret = fdt_add_mem_rsv(fdt, image->arch.ima_buffer_addr, image->arch.ima_buffer_size); -- Thiago Jung Bauermann IBM Linux Technology Center

[PATCH] swiotlb: Allow allocating buffer anywhere in memory

initialization problem we are seeing in secure guests with 128 GB of RAM: they are configured with 4 GB of crashkernel reserved memory, which leaves no space for SWIOTLB in low addresses. Signed-off-by: Thiago Jung Bauermann --- arch/powerpc/mm/mem.c | 7 ++- include/linux/swiotlb.h | 8

Re: [PATCH 04/13] module: use RCU to synchronize find_module

Christoph Hellwig writes: > On Thu, Jan 28, 2021 at 05:50:56PM -0300, Thiago Jung Bauermann wrote: >> > struct module *find_module(const char *name) >> > { >> > - module_assert_mutex(); >> >> Does it make sense to replace the asse

Re: [PATCH 04/13] module: use RCU to synchronize find_module

len, > > struct module *find_module(const char *name) > { > - module_assert_mutex(); Does it make sense to replace the assert above with the warn below (untested)? RCU_LOCKDEP_WARN(rcu_read_lock_sched_held()); > return find_module_all(name, strlen(name), false); &g

Re: [PATCH v15 09/10] arm64: Call kmalloc() to allocate DTB buffer

Joe Perches writes: > On Thu, 2021-01-28 at 00:52 -0300, Thiago Jung Bauermann wrote: >> The problem is that this patch implements only part of the suggestion, >> which isn't useful in itself. So the patch series should either drop >> this patch or consolidate the F

Re: [PATCH] powerpc/mm: Limit allocation of SWIOTLB on server machines

Konrad Rzeszutek Wilk writes: > On Fri, Jan 08, 2021 at 09:27:01PM -0300, Thiago Jung Bauermann wrote: >> >> Ram Pai writes: >> >> > On Wed, Dec 23, 2020 at 09:06:01PM -0300, Thiago Jung Bauermann wrote: >> >> >> >> Hi Ram, >> >

Re: [PATCH v2 2/2] memblock: do not start bottom-up allocations with kernel_end

Mike Rapoport writes: > On Sat, Jan 23, 2021 at 06:09:11PM -0800, Andrew Morton wrote: >> On Fri, 22 Jan 2021 01:37:14 -0300 Thiago Jung Bauermann >> wrote: >> >> > Mike Rapoport writes: >> > >> > > > Signed-off-by: Rom

Re: [PATCH v15 09/10] arm64: Call kmalloc() to allocate DTB buffer

Lakshmi Ramasubramanian writes: > On 1/27/21 7:52 PM, Thiago Jung Bauermann wrote: >> Will Deacon writes: >> >>> On Wed, Jan 27, 2021 at 09:59:38AM -0800, Lakshmi Ramasubramanian wrote: >>>> On 1/27/21 8:52 AM, Will Deacon wrote: >>>> >&g

Re: [PATCH v15 09/10] arm64: Call kmalloc() to allocate DTB buffer

suggestion by Rob Herring: > This could be taken a step further and do the allocation of the new > FDT. The difference is arm64 uses vmalloc and powerpc uses kmalloc. The > arm64 version also retries with a bigger allocation. That seems > unnecessary. in https://lore.kernel.org/linux-integrity/20201211221006.1052453-3-r...@kernel.org/ The problem is that this patch implements only part of the suggestion, which isn't useful in itself. So the patch series should either drop this patch or consolidate the FDT allocation between the arches. I just tested on powernv and pseries platforms and powerpc can use vmalloc for the FDT buffer. -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted

Michael S. Tsirkin writes: > On Mon, Jul 15, 2019 at 05:29:06PM -0300, Thiago Jung Bauermann wrote: >> >> Michael S. Tsirkin writes: >> >> > On Sun, Jul 14, 2019 at 02:51:18AM -0300, Thiago Jung Bauermann wrote: >> >> >> >> >> &g

Re: [RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted

Michael S. Tsirkin writes: > On Mon, Jul 15, 2019 at 07:03:03PM -0300, Thiago Jung Bauermann wrote: >> >> Michael S. Tsirkin writes: >> >> > On Mon, Jul 15, 2019 at 05:29:06PM -0300, Thiago Jung Bauermann wrote: >> >> >> >> Michael

[PATCH] powerpc/prom_init: Undo relocation before entering secure mode

. Fixes: 6a9c930bd775 ("powerpc/prom_init: Add the ESM call to prom_init") Signed-off-by: Thiago Jung Bauermann --- arch/powerpc/include/asm/elf.h | 3 +++ arch/powerpc/kernel/prom_init.c| 11 +++ arch/powerpc/kernel/prom_init_check.sh | 3 ++- 3 files c

Re: [PATCH] powerpc/prom_init: Undo relocation before entering secure mode

Thiago Jung Bauermann writes: > The ultravisor will do an integrity check of the kernel image but we > relocated it so the check will fail. Restore the original image by > relocating it back to the kernel virtual base address. > > This works because during build vm

Re: [RFC][PATCH 0/2] Add support for using reserved memory for ima buffer pass

trd. Such a > support exits only in powerpc. > This patch makes the carry over of logs architecture independent and puts the > complexity in a driver. If I'm not mistaken, the code at arch/powerpc/kexec/ima.c isn't actually powerpc-specific. It could be moved to an arch-independent directory and used by any other architecture which supports device trees. I think that's the simplest way forward. And to be honest I'm still trying to understand why you didn't take that approach. Did you try it and hit some obstacle or noticed a disadvantage for your use case? -- Thiago Jung Bauermann IBM Linux Technology Center

[PATCH 0/2] Testcases for protection keys feature in powerpc/next

these tests separately from the one coming from x86 so here they are. Thiago Jung Bauermann (2): selftests/powerpc: Add ptrace tests for Protection Key registers selftests/powerpc: Add core file test for Protection Key registers tools/testing/selftests/powerpc/include/reg.h | 1 + tools

[PATCH 2/2] selftests/powerpc: Add core file test for Protection Key registers

This test verifies that the AMR, IAMR and UAMOR are being written to a process' core file. Signed-off-by: Thiago Jung Bauermann --- tools/testing/selftests/powerpc/ptrace/Makefile| 5 +- tools/testing/selftests/powerpc/ptrace/core-pkey.c | 460 + 2 files changed, 464

[PATCH 1/2] selftests/powerpc: Add ptrace tests for Protection Key registers

This test exercises read and write access to the AMR, IAMR and UAMOR. Signed-off-by: Thiago Jung Bauermann --- tools/testing/selftests/powerpc/include/reg.h | 1 + tools/testing/selftests/powerpc/ptrace/Makefile| 5 +- tools/testing/selftests/powerpc/ptrace/child.h | 130

[PATCH 1/3] x86/Kconfig: Move ARCH_HAS_MEM_ENCRYPT to arch/Kconfig

powerpc and s390 are going to use this feature as well, so put it in a generic location. Signed-off-by: Thiago Jung Bauermann --- arch/Kconfig | 3 +++ arch/x86/Kconfig | 4 +--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/arch/Kconfig b/arch/Kconfig index c47b328eada0

[PATCH 2/3] DMA mapping: Move SME handling to x86-specific files

, other architectures will have different names so this gets unwieldy quickly. Signed-off-by: Thiago Jung Bauermann --- arch/x86/Kconfig | 1 + arch/x86/include/asm/dma-mapping.h | 7 +++ arch/x86/include/asm/mem_encrypt.h | 10 ++ include/linux/mem_encrypt.h

<    1   2   3   4   5   6   7   8   9   10   >